Keep My Opt-Outs, the Google Chrome privacy extension, hasn’t been updated for years

Many internet users aren’t too keen on being tracked by ad-tracking cookies as they surf the web.

So it was with some cheer that Google announced, in January 2011, the availability of its own “Do Not Track” extension for Chrome, called Keep My Opt-Outs.

The extension promises to stop all those creepy personalised ads, and survive a clearing of your browser’s cache.

But there’s bad news for any of the 400,000+ users who rely upon Google’s Keep My Opt-Outs extension. It hasn’t been updated for years.

As Jonathan Mayer, a computer scientist and lawyer at Stanford, describes, Keep My Opt-Outs relies upon its own internal cookie list to know what to block.

The extension doesn’t include a special mechanism for updating its cookie list. In order to revise which businesses are included, Google has to release a new version.

Over the past several years, Google appears to have… forgot. The latest revision of the cookie list was in October 2011.

And Google’s lack of updates is a problem, because there are lots more advertisers out there whose personalised ads could be easily stopped from tracking you. Amongst them, a little one you might have heard of called Facebook.

About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

3 Responses

Since I use only my phone,I use Firefox for Anbdroid,because of it being the only browser to allow add-ons,or extensions. So the mainn ones I have are (https everywhere) from EFF website to download it to Firefox mobile,then I have Ghostery, Self Destructing Cookies. I have tried the Adgaurd extension which is free for the add-on, and they have many other products like Disconnect that work globally on smart phones but have a subscription because it functioons similarly too a VPN like Disconnect does. One other not menntioned is Ublock for any browserr withh extensions. And Android Firefox too. This one has more options to be really severe if you want it to be,but the default works just fine.

In a rather well timed twist of irony, Apple has called out Facebook and Google - or so it would seem - about their collecting of information. While I certainly don’t know to what extent Mr. Cook is telling the truth, the idea at least resonates with pro-privacy - I can’t really judge him because I’m biased against Apple (and have been for many, many years) just like the other two; as such it would be speculation at best but potentially worse. But in any case:

“Google has not commented on Mr Cook’s comments specifically, but a spokeswoman referred the BBC to the privacy section of its website, which the company has recently updated.

Ads are what enable us to make our services like Search, Gmail, and Maps free for everyone,” one page reads.”

It seems we might have a reason as to why they haven’t updated this extension? I think trying to figure out google’s logic could drive a normal person batty and that would leave me beyond hope so I’ll digress there. In any case, not everyone will see ads. While this is for Firefox, Noscript does wonders, especially if you’re okay with having a very small whitelist and block everything else (i.e. the correct approach, often worded along the lines of ‘that which is not explicitly permitted is prohibited’) - like google. There’s certainly others but Noscript blocks all sorts of things including clickjacking, xss attacks, adverts, general scripts (including flash, java, javascript) and more (but of course no software is perfect). It’s especially good at breaking input on websites (forms for transactions for example) which is a side effect of the others.

“We do not share information with advertisers in a way that personally identifies you, unless you gave us permission.”

And you also didn’t ignore a setting in Safari, I’m sure (which is why there is a class action lawsuit as described at http://www.intego.com/mac-security-blog/safari-google-tracking/ ). You also don’t save the search history of users for years and years and years, like as is described here: http://www.intego.com/mac-security-blog/google-search-archive/ - Yes, I believe that… that you’re lying. You’re right Google - you do have the option to disable some of that, but of course that you have to opt-out instead of opt-in doesn’t really give a good impression - especially for a corporation that has a motto about not being - or one shouldn’t be - evil (however it was worded). Invasion of privacy has this interesting trait that makes it easier to abuse people/things/etc, though, which by itself can lead to evilness.

“And if anyone from Google is reading this, maybe you’d like to either withdraw the Keep My Opt-Outs extension or update it in such a fashion that it can be properly maintained?”

I think that might be their idea of properly maintained; product EOL makes it easy to deal with, after all - just ignore it until it goes away or people stop pestering you. Better would to be remove it as you suggest, though, if they’re unwilling to - or in capable of - updates.

Smashing Security podcast

Online drug dealers get busted due to poor OPSEC! People are still failing to wipe their USB sticks properly! A potential presidential candidate is outed as a former hacker! Flat Earthers! Pi! Empathy!